refactor: update validation data structure and improve function documentation

- Removed optional `repoId` from `ExtensionPublishValidationData` and adjusted related function to reflect this change.
- Added a note in the `validateJsrPackageAsKunkunExtension` function documentation to clarify frontend/backend verification logic.
- Updated `ExtPublishMetadata` to rename `repoId` to `repoNodeId` for clarity.

packages/package-registry/src/jsr/index.ts

@@ -209,6 +209,7 @@ export function jsrPackageExists(scope: string, name: string, version?: string):
 
 /**
  * Validate a Jsr package as a Kunkun extension
+ * !This function will also run in frontend, so if there is any verification logic that must be run in backend, do not add it here
  * - check if jsr pkg is linked to a github repo
  * - check if jsr pkg is signed with github action
  * - check if user's github username is the same as repo's owner name
@@ -373,15 +374,6 @@ export async function validateJsrPackageAsKunkunExtension(payload: {
 	}
 	const rekorInfo = await getInfoFromRekorLog(rekorLogId)
 
-	/* -------------------------------------------------------------------------- */
-	/*                             Get GitHub Node ID                             */
-	/* -------------------------------------------------------------------------- */
-	const githubRepoMetadata = await getGitHubRepoMetadata(
-		githubRepo.owner,
-		githubRepo.name,
-		payload.githubToken
-	)
-
 	return {
 		data: {
 			pkgJson: parseResult.output,
@@ -397,8 +389,7 @@ export async function validateJsrPackageAsKunkunExtension(payload: {
 				commit: rekorInfo.commit,
 				repo: githubRepo.name,
 				owner: githubRepo.owner,
-				workflowPath: rekorInfo.workflowPath,
+				workflowPath: rekorInfo.workflowPath
-				repoId: githubRepoMetadata.node_id
 			}
 		}
 	}

packages/package-registry/src/models.ts

@@ -74,8 +74,7 @@ export const ExtensionPublishValidationData = v.object({
 		commit: v.string(),
 		repo: v.string(),
 		owner: v.string(),
-		workflowPath: v.string(),
+		workflowPath: v.string()
-		repoId: v.optional(v.string())
 	})
 })
 export type ExtensionPublishValidationData = v.InferOutput<typeof ExtensionPublishValidationData>

packages/package-registry/src/npm/index.ts

@@ -2,6 +2,7 @@ import { ExtPackageJson, License } from "@kksh/api/models"
 import * as v from "valibot"
 import {
 	authenticatedUserIsMemberOfGitHubOrg,
+	getGitHubRepoMetadata,
 	parseGitHubRepoFromUri,
 	userIsPublicMemberOfGitHubOrg
 } from "../github"
@@ -237,6 +238,7 @@ export async function validateNpmPackageAsKunkunExtension(payload: {
 		provenance.summary.sourceRepositoryDigest,
 		parseResult.output.readme ?? "README.md"
 	)
+
 	return {
 		data: {
 			pkgJson: parseResult.output,

packages/supabase/src/models.ts

@@ -21,7 +21,9 @@ export const ExtPublishMetadata = v.object({
 			owner: v.string("GitHub owner of the extension"),
 			commit: v.string("Commit hash of the extension"),
 			workflowPath: v.string("Workflow path of the extension"),
-			repoId: v.optional(v.string("GitHub repo node ID of the extension"))
+			repoNodeId: v.optional(
+				v.string("GitHub repo node ID of the extension (a string, not the number id)")
+			)
 		})
 	)
 })